(Part 2) Best security certification books according to redditors
We found 414 Reddit comments discussing the best security certification books. We ranked the 110 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.
I work in healthcare and have had trouble trying to get department managers completely on board but I have gotten to take over a handful of things IT used to do. The way I explained it to my CEO is that data owners are responsible for the who has access to the data and how they access it. Data custodians (IT) are the ones that make sure the data is available and that it gets backed up.
IT used to be both data owners and custodians. I explained to my CEO that IT doesn't know Sally needs (or doesn't need) access to the billing department's file share. It is up to management within that department to make that determination. If it is left to IT a lot of people could end up having access to data they don't need access to. I never really came up with an analogy.
This is covered in the "Information Security Governance and Risk Management" of the CISSP exam. Shon Harris's all-in-one exam book covers it pretty well. Eric Conrad also has a study guide. It does a very good job of explaining the CISSP concepts.
I'm not sure if that is exactly what you're looking for but there it is.
https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=sr_1_1?ie=UTF8&qid=1519675757&sr=8-1&keywords=CSA%2B
https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Guide-Certification/dp/0789756951/ref=sr_1_2?ie=UTF8&qid=1519675757&sr=8-2&keywords=CSA%2B
One of the biggest problems I faced when I first studied for the CISSP was there was too many study materials out there to choose from. I ended up failing the CISSP the first time, because it wasn't because I wasn't smart enough, or had enough experience, or even that I didn't study enough, but it was that I didn't consistently study enough over a given period of time to retain the information needed to pass the CISSP. You cannot cram for this exam, and after a lot of soul searching came up with the following study method that helped me pass the CISSP on the second try and also 4 AWS exams after that using the same exact method:
https://youtu.be/wod92WIn92E
Here are the materials I used to study for and pass the CISSP exam:
https://www.amazon.com/CISSP-All-One-Guide-Eighth/dp/1260142655/ref=sr_1_1_sspa?crid=1JSC78LFDI93A&keywords=shon+harris+cissp+2018+8th+edition&qid=1570920294&sprefix=shon+%2Caps%2C233&sr=8-1-spons&psc=1&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUEyQ0hIUDlHWlU4N1pHJmVuY3J5cHRlZElkPUEwNzgzMzQwMlhGMDQwRFJaMTZKRyZlbmNyeXB0ZWRBZElkPUEwOTY2MTI3MkhMV1o0Q0RKWE9PMCZ3aWRnZXROYW1lPXNwX2F0ZiZhY3Rpb249Y2xpY2tSZWRpcmVjdCZkb05vdExvZ0NsaWNrPXRydWU=
I ended up passing the exam back when it was 6 hours long in only 1.5 hours using the method listed in the link above, reading the whole book and using that testing engine.
Keep your head up, and please feel free to reach out to me should you have any questions.
Hope this helps!
My background: Passed CISSP and helped 2 others pass using the method listed above.
Yea, in face this is the bundle I got:
https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Certification-CS0-001/dp/1260453251/ref=sr_1_5?keywords=CySA%2B&qid=1558129385&s=gateway&sr=8-5
Professor Messer is a great resource as people have already commented. My issue is I just couldn't sit for a long time and pay attention to his videos. I rented a book https://www.amazon.com/gp/product/1337288780/ref=ppx_yo_dt_b_asin_title_o05_s00?ie=UTF8&psc=1 and read through it once. I started making flashcards in the beginning and made probably 100 or so before I just switched to a kindle version and highlighted sections instead. My method probably wasn't the greatest though, I felt like there was quite a bit the book didn't cover. The one thing I wish I would've done was the examples the book had after every chapter. I think that would have helped me quite a bit more. I also kinda wish I would've just toughed it out through Prof Messers videos because they are really good. I also am in an associates program right now, but I just started the cyber security courses. Def helped a little, but I am only 4 weeks in so that basically only covered the first 1/4 of the material really.
http://www.amazon.com/Network-Warrior-Gary-Donahue/dp/1449387861
http://www.amazon.com/Wireshark-Network-Analysis-Second-Certified/dp/1893939944/
http://www.amazon.com/TCP-Illustrated-Protocols-Addison-Wesley-Professional/dp/0321336313/
So, you get 4 days of 8 hour classes and then test on Friday? Or just the one class on Monday, and self study from here til Friday?
It's entirely possible to cram it all in in a week. There are several posts on this. If you have a Kindle, get Darril Gibson's book and go through it as soon as possible. It is the single, most beneficial thing to passing this exam.
I would like to post another review of a certification for CEH version 10. I would like to say I am not a fan of dumps as it does not teach you anything and devalues the certification. I try to put in the time to really understand the information and be technically capable of doing the job.
I started off my process of doing my studying by taking an online based class of 40 hours that was lecture and labs. It was through the Army on something called Skill Port. It was fairly average and I would say that it was not that great a training aid. On a scale of 1-10 it was about a 5.
So I purchased the Sybex book for CEH (https://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/1119533198/ref=dp_ob_title_bk ) . I find that the Sybex book are very easy to read, convey the concept well and don’t drown people in a lot of fluff but they need a spell checker some times. I read through the book and took the practice tests. Anything that I felt weak on I would reread and do a little googling so I could make better sense out of it. Then I retook the practice tests again with a much better outcome.
The material is not super deep and from a hacking perspective it was not what I was expecting. Some areas I would concentrate on were basic ports and protocols, know how to look at a packet capture, ping vs ping sweep, scans, nmap commands and be able to know what it going on to be able to answer the question.
I got a lot of attack type question from cross site scripting attack to Buffer overflow and anything in-between. Some come in the form of questions and some were screen shots. I like the screen captures as I am much better at these because all the pertinent information is there as opposed to questions that a specific to a vendor and can be subjective if you don’t do a lot with EC-Council.
One thing I like to do is ensure I read the answers first and then I read the question. This way I am processing what is possible in the question verse total crap. Usually there are 4 answers and 2 are way out there and one is possible but usually has something that will not comply with the question. One thing I was able to do because I have a good base was even if I did not know the answer I was able to use some critical thinking and get the right answer.
I took about 87 minutes to do the test (they give you 240 mins) and I feel that the test really feels like an entry level exam for people getting into hacking (pen testing). I did well and I put in about 60 to 70 hours total of study time but again I have a good base to work from.
Use this as an nmap command reference. https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
This site has some good reference material also: https://www.danielowen.com/2017/01/01/sans-cheat-sheets/
Know some snort, ids and firewall rules\commands: be able to look at the command and tell what it does.
"Official ISC(2) Training Guide, CISSP CBK, Participant's Guide", which doesn't appear to be on Amazon, but this is probably close.... they gave me a .pdf only version of it. The cover is the same except my pdf says "Participants Guide" under the CISSP logo
https://www.amazon.com/dp/B00W4YSL0Q/
I took a three week course through the Army studied this book https://www.amazon.com/CompTIA-Advanced-Security-Practitioner-Study/dp/1118930843 and used a dump to do some practice questions. It is mainly IT security management, but is still very technical in nature. Look up the test objectives that CompTIA has for the exam and make sure you understand then. STUDY STUDY STUDY. I prepared for two weeks before the three week course and still did not feel comfortable going through the exam. Not trying to scare you I'm just relaying my own personal experience. Good luck to you!
Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.
Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1
Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide
100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python
This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking
While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox(first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.
You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.
I think the main issue with the C|EH (I have it) is that the exam format is based around remember / regurgitate multiple choice answers, and doesn't really encourage the student to learn the practical side of things. With a couple of weeks and a decent book, it's fairly easy to pass. You'll have the cert but no further on in knowing how to actually conduct a pen test.
IMHO, if there was more of a focus on doing things, such as actually running and interpreting an nmap scan, with perhaps 10 or so simulations on the exam, I think it would improve it's standing and be of more benefit to the student.
EDIT Save yourself the $870 and buy these two books
https://www.amazon.com/Certified-Ethical-Hacker-Guide-Third/dp/125983655X/ref=sr_1_1?ie=UTF8&qid=1481303255&sr=8-1&keywords=certified+ethical+hacker+exam+guide
https://www.amazon.com/Certified-Ethical-Hacker-Practice-Exams/dp/1259836606/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1259836606&pd_rd_r=D0PT9NP2JQPKJFZBCRYK&pd_rd_w=nnz94&pd_rd_wg=3DMrQ&psc=1&refRID=D0PT9NP2JQPKJFZBCRYK
You then need to jump through a few hoops and convince the EC Council that you don't need their training package, and just want to take the exam for $500
I passed a few days ago. I felt pretty comfortable during the whole exam. I have a MSCSIA from WGU (I took SSCP 4 months after graduating). I have a CCNA, CCNA Sec, Security+, and a few others. I consider the SSCP a Security+ that uses more applied knowledge vs security+ (sec+ seems to quiz you more on facts you can answer the question with)
​
I utilized:
​
I'd give this to anyone looking to pass the SSCP:
I utilized Lynda; look for SSCP Cert Prep 1,2,3,4,5,6,7 while taking notes with the videos. After watching each video for one of the domains, I would use the questions at the end to see how I tested. For each question I got wrong, I would write it down and continue to the ISC2 Offical Practice Tests online and practice the entire set of questions for that domain. I DID THIS IN PRACTICE MODE. For each question I got wrong, I wrote them down in the same fashion I did for the end of domain questions in Lynda, and read the explanation as to why I got it wrong, and understood the purposes of the other answers that were wrong (if firewall was the wrong answer, I would understand what the purpose of a firewall was, and I would understand why VPN was the correct answer). Basically, knowing what each of the 4 answers are will give you the best chance for the SSCP.
After I wrote down the issues I was having, I utilized the AIO book and tracked down the answers to the questions I got wrong and read the related section and took notes.
I would re-take the official practice tests again only if I felt I was "shakey" (usually if I scored under 75%).
I did this for each domain, and then after all domains I used the end of chapter tests in the AIO as another set of questions.
I then took the 1st practice test with the official practice questions and got a 68% (I swear this was way harder than the SSCP, DON'T WORRY!)
After the first practice test, I found out why I was wrong, studied the AIO on those again, and took notes.
I then moved to the TotalSEM provided by the AIO book, and took 1 set of 125 questions, and then a second set with 250 questions. TotalSEM is easier than the SSCP, but i feel if you're getting over 90% on them, you will be ready for the SSCP.
After I finished the 250q set from TotalSEM (the day before my exam), I took the second practice test from official practice test and got a 73%. Next day I took and passed the SSCP (provisionally).
​
I took 7 weeks of studying (1 week per domain) and 1 week of pure test taking.
​
TL;DR:
This book? CISM Certified Information Security Manager All-in-One Exam Guide https://www.amazon.com/dp/1260027031/ref=cm_sw_r_cp_apa_i_F9FQCbP43DSF6
this book.
i did enjoy packetbomb as i picked up a few nice tips but i dont know if it scratched the full itch i was having at the time.
Referring to Security+ books. I like the Security+ ExamCram (https://www.amazon.com/CompTIA-Security-SYO-401-Exam-Cram/dp/0789753340/ref=sr_1_7?ie=UTF8&qid=1520956323&sr=8-7&keywords=security%2B+401) a lot better than All in One Comptia Security+ (https://www.amazon.com/CompTIA-Security-Guide-Fourth-SY0-401/dp/0071841245/ref=sr_1_4?ie=UTF8&qid=1520956323&sr=8-4&keywords=security%2B+401)
He does! I just bought the kindle version (only $10) to use for my own studies.
Well for starters, the CASP was just updated. Prior to that it hasn't been updated since it released in 2011. So it became increasingly out of date. On top of that, there have been other more recognized certs out there that seemed to be in more demand. This isn't to say that will change.
Also keep in mind, most people are only aware of the CompTIA trifecta. Even Linux+ until recently was considered a joke as well. It wasn't until they teamed with LPI that it started to gain momentum.
As for studying for the CASP here are some resources you may look at.
You take care of that new irresponsible worker?
Network + Book
Will give me something to read and study for my Network+ Exam for work.
Mike Mike Mike Mike Mike Mike
Oh no problem at all, I found there were a few questions on Poodle/shellshock in there which I knew there would be and questions regarding a few tools (nmap and such). I do have a study guide and a good prep book that I used. CEHv9 Study Guide found here: https://www.amazon.com/CEH-v9-Certified-Ethical-Version/dp/1119252245
You can find it other places too, if you would like to see the study guide send me a PM and i'll copy and paste it for you!
I did not feel ready after I studied my _____ off. However, this might help you to get ready...
I started with the CISSP Study Guide, Second Edition: Eric Conrad, once I was done with that within 2 weeks, I read 11th hour by the same author. 11th hour was just a review/summary of the study guide so it was just to refresh what was read in CISSP Study Guide, Second Edition: Eric Conrad.
Any time I would get some free time in between while reading the two above mentioned books, if I go for a walk, drive to work or go for a run I would listen to Audio files from Shon Harris (I probably went twice through the entire Audio sessions (you can download here: http://www.mhprofessional.com/sites/CISSPExams/exam.php?id=AccessControl (see MP3 download under each domain) (I downloaded these and stored them on my phone so it was convenient for me to just hit play whenever I had some free time).
I also downloaded a CISSP App on google play that lets you take quizzes and study cards across all the domains (free app, so if you have an android device look for CISSP Flashcards by BH Inc.). I did these when I had some free time here and there.
I decided to get signed up with CCCure (https://www.freepracticetests.org/quiz/index.php?page=register ) for $50 you can take as many quizzes as you want for 6 months. This was well worth the money. I started taking practice exams about 50 questions per day. I selected (Study Mode, Hard, Closely related). I would do the 50 questions then the ones that I got wrong I would review within the engine as it had explanations.
I also the started reading Shon Harris All-in-One 6th edition (http://www.amazon.com/CISSP-All-One-Guide-Edition/dp/0071781749). Once I read that book (took me few weeks to finish it) (Boring book, but goo material, sometimes to deep, but good amount of information to prepare you for the exam), I installed the testing engine that came with the book called TotalTester, and started doing about 50 questions a day over all domains.
Throughout the day I would do 50 questions from TotalTester, and review the ones that I got wrong, and I would do 50 questions from CCCure, (but now I changed CCCure to Study Mode, PRO, closely related) and sometimes I would select un-attempted questions only, and then I would review the ones that I got wrong. For me was my goal to have 80%+ on the practice exams of 50 questions.
Now it was getting closer to the exam so I picked up AGAIN the CISSP Study guide from Erik Conrad the second edition, and would read a domain for a day or two, then read the summary ONLY from Shon Harris book for that domain (to refresh my memory even more), then take the total tester 50 questions just for that domain and review the questions that I got wrong, I would also do 50 questions on CCCure on that same domain and do the same review the wrong ones. If I was scoring 80-90% then I would move to the next domain and do the same.
Then the weekend before my test I reviewed again the 11th hour from Erik Conrad, and on Saturday I covered 5 domains, on Sunday I covered the next 5 domains to refresh my memory.
I personally though it was very important for me to keep taking practice exams every day so I felt like that every chance I got I would do exams of 50 questions between the two testing engines, sometimes resulting in covering 200+ questions a day. Some started being the same questions but that is I how I learn, by repetition and I would retain a lot that way.
Maybe I over did it and over prepared, but I just wanted to pass the exam…
The day before the exam I still felt unprepared, even thou I was scoring well on the practice exams and after all the material that I have covered. I guess its common human nature. So I tried my best to relax the day before my exam and tried to do something that would get my mind off the exam, go for walk, visit friends, go for coffee, watch a movie, and it is very important to STAY CALM the day before and while taking the exam.
When you get to the testing center, and start the exam, DO NOT RUSH… take your time and review each question carefully. Read all the answer choices for every question, you have 6 hours there…For questions that you are not sure of the answer mark them for review, and review them later once you reach 250th question.
For me the worse feeling was after I finished the exam and when it said to go and get my printout that would say if I passed or not. I felt horrible as I thought I did badly on the exam. The questions were tough and sometimes while you could rule out two answers as a definite NO, there would be two choices that are so close of being right. However, receiving the piece of paper, when I looked at it, it said Congratulations, …you have passed…I was happy to see that.
So remember when answering questions and making your decision on an answer, Human life is always #1. Standards, policies, and regulations always precede everything else. Think as a CEO and not a Sec Admin when it comes to $$$$. Read the question carefully as they will tell you, a System Admin, A security officer, a senior manager, make sure that when you see those in the question you try to think as that person and what would be the best for the company.
Know the formulas for ALE and SLE and study hard the BCP, BIA and DR. I also thought that I needed to know the most in Crypto so I spend a large amount of time covering cryptography as it was one of my weakest domains. I also watched this 90 minute video that kind a helped a bit as well: http://resources.infosecinstitute.com/mini-course/cryptography-cissp-training/
Right now CySa+ materials are going on sale because the test is going to change. A new test is coming in the next 6 months or so. That being said it might be worth while getting Net+ first. As I'm sure you noticed while taking Sec+ there is a lot of Networking involved. However, if you are comfortable with networking then I'd just straight to CySa+ while the materials are cheep and your Sec+ knowledge is still fresh.
>New CompTIA CySA+ (CS0-002) exam coming in Q2 2020!
This study bundle is 51% off on amazon currently.
CySa+, like Sec+, is DoD approved so it's (typically) worth more in the job market than Net+
> CompTIA CySA+ meets the ISO 17024 standard and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA). Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.
How long did it take you to study? and what materials did you use?
I currently have the exam cram security+ book, and just recently ordered the symbex book alongside it. I learned from people that took the CCNA that multiple sources are a good thing but don't go overboard, a cert only lasts for a few years and you'll need to take it again with more up to date literature. Congratulations.
I used this and this. Both together are more than you'd need. If you have Sec+ and have even a small amount of industry/best practice/common sense experience, you'll be fine.
Not advocating them, but I'm sure there's braindumps for it, as it is entirely multiple choice, other than a few simulations at the beginning.
No. It's a lot of unnecessary work. Study for them, sure; do the Skillport modules , even though they aren't super helpful. If anything it'll knock out some busy work for you during the course. I'd recommend buying Passport books for both Net+ and Sec+ (Net+ passport book) and using those as your main study material. If you hit that hard before you go and for the month that you're here before you take the certs I'm 90% sure you'll pass.
Books also include:
https://www.amazon.co.uk/Comptia-Cybersecurity-Analyst-Guide-Certification/dp/0789756951/ref=sr_1_3?ie=UTF8&qid=1506360646&sr=8-3&keywords=comptia+csa%2B
Buy this and read it tomorrow. Take the quiz in the front first. You'll probably be surprised at how well you do.
https://www.amazon.com/CompTIA-Security-SYO-401-Exam-Cram/dp/0789753340
Other than security-specific stuff, make sure your bread-and-butter PM skills are up to date.
A coworker is doing this one and I just ordered it. It is 541 pages total. He seems to like it. I just ordered it as well.
https://www.amazon.com/gp/product/1260027031/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
professor messer, and this book https://www.amazon.com/CompTIA-Security-Guide-Network-Fundamentals/dp/1337288780
also exam compass questions
I used this book:
https://www.amazon.com/gp/aw/d/B00NNWKN3G/ref=mp_s_a_1_1?ie=UTF8&qid=1495649897&sr=8-1&pi=AC_SX236_SY340_QL65&keywords=security%2B
Like the All-In-One series CEH book. I only read that book and I passed with a perfect score. Even has example/practice tests in the back that were very close to the real test.
Ya the book is at: www.amazon.com/gp/aw/d/1893939995/ref=mp_s_a_1?qid=1333045852&sr=8-1
They preview a few examples there too.
Which book did you get for your class? I did an Ethical Hacking class last term. The book they had us use was CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition from McGraw-Hill. It wasn't too bad although I wouldn't use it as my only source for the exam. I'm not planning to take the test until I'm done with school in Feburary.
https://www.amazon.com/Certified-Ethical-Hacker-Guide-Third/dp/125983655X/ref=sr_1_5?ie=UTF8&qid=1495033480&sr=8-5&keywords=ceh+v9+certified+ethical+hacker+version+9+study+guide
http://www.amazon.com/CISSP-All---One-Guide-CDROM/dp/0071781749/ref=la_B001I9Q6M8_1_1?s=books&ie=UTF8&qid=1407553334&sr=1-1
This?
https://www.amazon.com/CompTIA-Complete-Practice-Tests-220-1001/dp/1119516978/ref=sr_1_2?keywords=exam+a%2B+1001&qid=1565901789&s=gateway&sr=8-2
Do you think this will help me?
Start with the videos from the last couple of Wireshark conferences. In my experience, people usually feel the know more about Wireshark then they actually do- it's easy to get the basics, however tough to master. Also pick up the Analysts Certification book.
Sharkfest
book
> CISSP
This one maybe? http://www.amazon.com/CISSP-All---One-Guide-Edition/dp/0071781749/
Also, Blizzard states having CISSP is a plus - so thank you very much for this suggestion!
EDIT: do you know anything more specific or any other good cert?
i bought the combo but i do believe the book does come with an online test bank. not sure how many questions though
Get the box set on Amazon, a steal at $36
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide and Official ISC2 Practice Tests Kit https://www.amazon.com/dp/1119314011
I took the Net+ in November before I enrolled at WGU. I read through the Mike Myers Network+ Passport book and passed the exam no problem YMMV
https://www.amazon.com/CompTIA-Network-Certification-Passport-Authorized/dp/0071789057
https://www.amazon.com/Certified-Ethical-Hacker-Bundle-Third/dp/125983753X/ref=sr_1_1?ie=UTF8&qid=1495240720&sr=8-1&keywords=CEH+All+In+One
THIS. In very few instances are you able to read a single book and gain so much knowledge. Read a book, understand the book, get a job!
https://www.amazon.com/CompTIA-Network-Certification-Passport-Authorized/dp/0071789057/ref=sr_1_11?s=books&ie=UTF8&qid=1494895422&sr=1-11&keywords=comptia+passport+plus
Hello,
Thanks for the reply. What I meant is what is the difference between Sybex and this book https://www.amazon.com/Official-Guide-CISSP-Fourth-Press-ebook/dp/B00W4YSL0Q/ ? Are both same?
Regards,
Sop
https://www.amazon.com/Certified-Ethical-Hacker-Bundle-Third/dp/125983753X
No lab questions per se; there were scenarios like read this nmap out and choose the best answer. No pick more than 1's. I used Oriyano's guide. Didn't read all of it. Maybe 50%. https://www.amazon.com/CEH-v9-Certified-Ethical-Version/dp/1119252245/ref=sr_1_1?ie=UTF8&qid=1486960385&sr=8-1&keywords=ceh+v9
i'm looking at this one, it doesn't come out for over a month but I'm not planning to start studying until middle of june. Certmaster seems like it'd be useful but I def can't afford to drop the money they're asking. Can't find much else in terms of worthwhile practice tests, even the paid ones seem to be recycled.
Sybex edited a great book which is going to be updated to V10 this month, even they postposing the release date the V9 from the course is a great book and I can speculate the updated version of the book would be great. Matt AIO is a great book but for a study guide I prefer something more structured like Sybex edition, this book is more adaptable to be used as a study guide. I own both editions Sybex and McGraw-Hill and I really enjoyed both.
Thanks for the heads-up. Do you think it's worth it to get the book and practice test combo or just the book?
I personally recommend:
CEHv9 https://www.amazon.com/CEH-v9-Certified-Ethical-Version/dp/1119252245/
Hacking the art of exploitation https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/
Penetration Testing: A hand on Introduction to hacking: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/
That is because it is the old version.
To be fair that is the one I studied since I studied after the current test was released but before the new edition and I passed first try so maybe it's fine?
​
EDIT: NOPE. 8th Edition is $41, which is $3 cheaper.
​
https://smile.amazon.com/CISSP-All-One-Guide-Eighth/dp/1260142655/ref=sr_1_1_sspa?keywords=cissp+all+in+one&qid=1555433292&s=gateway&sr=8-1-spons&psc=1
2 Reasons. I have a friend who already has study materials from his 2 allotted pre-tests (audio and videos) and I have already purchased GCIA Books online. Almost done studying. Hopefully can get to the 91% and be on the GCIH Advisory Board..
Reason#2 is that the NEW CISSP Books won't be released until End of OCT. If I'm going to buy the materials, might as well be up-to-date.